Config directory (confdir)
confdir is the main directory for the Puppet configuration. It contains configuration files and the
*nix root users:
When Puppet is running as
root, a Windows user with administrator
privileges, or the
puppet user, it uses a
system-wide confdir. When running as a non-root user, it uses a confdir in that
user's home directory.
When running Puppet commands and services as
usually you want to use the system codedir. To use the same codedir as the Puppet agent or the primary Puppet server, run admin commands with
Puppet’s confdir can’t be set in the
because Puppet needs the confdir to locate
that config file. Instead, run commands with the
--confdir parameter to specify the confdir. If
--confdir isn’t specified when a Puppet application
is started, the command uses the default confdir location.
Puppet Server uses the
jruby-puppet.server-conf-dir setting in
to configure its confdir. If you are using a non-default confdir, you must
--confdir when you run commands like
puppet module to ensure they use the same directories as
The value of the confdir is discovered before other settings, so you can
reference it, using the
in the value of any other setting in
If you need to set nonstandard values for some settings, using the
$confdir variable allows you to avoid absolute paths and
keep your Puppet-related files together.
The confdir contains several config files and the SSL data. You can change their locations, but unless you have a technical reason that prevents it, use the default structure. Click the links to see documentation for the files and directories in the codedir.
ssldirectory: contains each node’s certificate infrastructure.
puppet.conf: Puppet’s main config file.
csr_attributes.yaml: Optional data to be inserted into new certificate requests.
auth.conf: Access control rules for the primary server's network services.
fileserver.conf: Configuration for additional fileserver mount points.
hiera.yaml: The global configuration for Hiera data lookup. Environments and modules can also have their own
hiera.yamlfiles.Note: To provide backward compatibility for some existing Puppet 4 installations, if a
hiera.yamlfile exists in the codedir, it takes precedence over
hiera.yamlin the confdir. To ensure that Puppet honors the configuration in the confdir, remove any
hiera.yamlfile that is present in the codedir.
routes.yaml: Advanced configuration of indirector behavior.
autosign.conf: List of pre-approved certificate requests.
device.conf: Configuration for network devices managed by the